chore: OWASP API Top 10 2019 Stable Release

terencedenning · Dec 26, 2019 · 76e4c0a · 76e4c0a
1 parent 4419718
commit 76e4c0a
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 24 deletions.
diff --git a/2019/en/dist/owasp-api-security-top-10.odt b/2019/en/dist/owasp-api-security-top-10.odt
diff --git a/2019/en/dist/owasp-api-security-top-10.pdf b/2019/en/dist/owasp-api-security-top-10.pdf
diff --git a/2019/en/src/0xa2-broken-user-authentication.md b/2019/en/src/0xa2-broken-user-authentication.md
@@ -56,7 +56,7 @@ within a few minutes.
   storage. Use the standards.
 * Credential recovery/forget password endpoints should be treated as login
   endpoints in terms of brute force, rate limiting, and lockout protections.
-* Use the [OWASP Authentication Cheatsheet][3]
+* Use the [OWASP Authentication Cheatsheet][3].
 * Where possible, implement multi-factor authentication.
 * Implement anti brute force mechanisms to mitigate credential stuffing,
   dictionary attack, and brute force attacks on your authentication endpoints.

diff --git a/2019/en/src/0xa3-excessive-data-exposure.md b/2019/en/src/0xa3-excessive-data-exposure.md
@@ -44,7 +44,7 @@ the site.
   data.
 * Backend engineers should always ask themselves "who is the
   consumer of the data?" before exposing a new API endpoint.
-* Avoid using generic methods such as to_json() and to_string().
+* Avoid using generic methods such as `to_json()` and `to_string()`.
   Instead, cherry-pick specific properties you really want to return
 * Classify sensitive and personally identifiable information (PII) that
   your application stores and works with, reviewing all API calls returning such

diff --git a/2019/en/src/0xa4-lack-of-resources-and-rate-limiting.md b/2019/en/src/0xa4-lack-of-resources-and-rate-limiting.md
@@ -12,7 +12,7 @@ API requests consume resources such as network, CPU, memory, and storage. The
 amount of resources required to satisfy a request greatly depends on the user
 input and endpoint business logic. Also, consider the fact that requests from
 multiple API clients compete for resources. An API is vulnerable if at least one
-of the following limits is missing or set inappropriately (e.g., too low/high).
+of the following limits is missing or set inappropriately (e.g., too low/high):
 
 * Execution timeouts
 * Max allocable memory

diff --git a/2019/en/src/0xd1-acknowledgments.md b/2019/en/src/0xd1-acknowledgments.md
@@ -22,7 +22,9 @@ or via other means:
 * jmanico
 * jmdx
 * kozmic
+* LauraRosePorter
 * Matthieu Estrade
+* nathanawmk
 * PauloASilva
 * pentagramz
 * philippederyck

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,8 +2,9 @@ How to Contribute
 =================
 
 When contributing to this repository, please first discuss the change you wish
-to make via submitting an issue with the owners of this repository before making a change.
-Fixing typos or rephrasing for better understanding DO NOT require discussion.
+to make via submitting an issue with the owners of this repository before making
+a change. Fixing typos or rephrasing for better understanding DO NOT require
+discussion.
 
 ## Branching Model
 
@@ -38,14 +39,15 @@ follow the steps below:
    Although there's an [`.editorconfig` file][1] on repository's root, your
    editor may not support it. To learn more about [EditorConfig][2] and text
    editors/IDEs support, check the website: https://editorconfig.org/.
-   
+
 5. Commit your changes.
 
    1. Check modified files and add only required ones (e.g., build artifacts
       SHOULD NOT be tracked).
-   2. The first line of the commit message should provide a brief description of your
-      changes. You can go into more details on the optional commit message body.
-
+   2. The first line of the commit message should provide a brief description of
+      your changes. You can go into more details on the optional commit message
+      body.
+
 6. Push changes to your public repository.
    ```
    git push origin fix/foreword-section

diff --git a/README.md b/README.md
@@ -1,11 +1,3 @@
-:warning: **OWASP API Security Top 10 2019 RC is waiting for comments and
-contributions.** :warning:
-
-Please check the [PDF][2] and [how to contribute][4]. The working draft is in
-branch [develop][3].
-
----
-
 OWASP API Security Top 10
 =========================
 
@@ -32,24 +24,24 @@ builders, breakers, and defenders in the community.
 
 This project aims to:
 
-* Create the OWASP Top Ten API Security Risks document, which can easily underscore the
-  most common risks in the area.
+* Create the OWASP Top Ten API Security Risks document, which can easily
+  underscore the most common risks in the area.
 * Create a documentation portal for developers to build APIs in a secure manner.
-* Work closely with the security community to maintain living documents that evolve with
-  security trends.
+* Work closely with the security community to maintain living documents that
+  evolve with security trends.
 
 ## Project Leaders
 
 * [Erez Yalon][0]
-* Inon Shkedy
+* [Inon Shkedy][5]
 
 ## Licensing
 
 **The OWASP API Security Project documents are free to use!**
 
 The OWASP API Security Project is licensed under the [Creative Commons
-Attribution-ShareAlike 3.0 license][1], so you can copy, distribute, and transmit
-the work. You can also adapt it, and use it commercially, as long as
+Attribution-ShareAlike 3.0 license][1], so you can copy, distribute, and
+transmit the work. You can also adapt it, and use it commercially, as long as
 you attribute the work. If you alter, transform, or build upon this work, you
 may distribute the resulting work only under the same or similar license to this
 one.
@@ -59,3 +51,4 @@ one.
 [2]: https://github.com/OWASP/API-Security/blob/develop/2019/en/dist/owasp-api-security-top-10.pdf
 [3]: https://github.com/OWASP/API-Security/tree/develop/
 [4]: https://github.com/OWASP/API-Security/blob/master/CONTRIBUTING.md
+[5]: https://www.owasp.org/index.php/User:Inon